David Bircumshaw has helpfully provided further information about the virus,
including the fact that it was innocently transmitted to him by another
listee who didn't know he was infected and doesn't know its source. (His
server is looking into it, meanwhile, and I'll post any updates I get on
it.) Take care--Candice
____________________
It's a stealth type virus, and memory resident and polymorphic, and hits
Program Files.
Here's a definition from SARC:
VBS.Haptime.A@mm is a Visual Basic Script (VBS) worm. It infects .htm,
.html, .vbs, .asp, and .htt files. It replicates using MAPI objects to
spread itself as an attachment. Also, the worm attaches itself to all
outgoing messages using the stationery feature of Outlook Express.
The worm utilizes a known Microsoft Outlook Express security hole so that
the worm is executed without having to run any attachment.
Microsoft has patched this security hole that eliminates security
vulnerabilities in "Scriptlet.TypLib" ActiveX controls . The patch is
available at:
http://www.microsoft.com/technet/ie/tools/scrpteye.asp
If you have a patched version of Outlook Express, this worm will not work
automatically.
|